Using private registry docker images in Kubernetes when launched using docker stack deploy

9/7/2019

I have a simple docker-compose file like the following:

version: "3.7"
services: 
  mongo:
    image: asia.gcr.io/myproj/mymongo:latest
    hostname: mongo
    volumes: 
      - type: bind
        source: $MONGO_DB_DATA
        target: /data/db
    command: [ "--bind_ip_all", "--replSet", "rs0", "--wiredTigerCacheSizeGB", "1.5"]

I am launching it in Kubernetes using the following command

docker-compose config | docker stack deploy --orchestrator kubernetes --compose-file - mystack

However, the pod fails with this error:

Failed to pull image "asia.gcr.io/myproj/mymongo:latest": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials. To authenticate your request, follow the steps in: https://cloud.google.com/container-registry/docs/advanced-authentication

My private registry is the gcloud one. I have already logged in docker like the following using the service account keyfile.

docker login -u _json_key -p "$(cat keyfile.json)" https://asia.gcr.io

The image is pulled correctly when I run

docker-compose pull

From this link https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/, I found that I need to create ImagePullSecrets

I have two questions.

  1. How can I write the ImagePullSecrets syntax in my docker-compose so that it is referred to correctly?

  2. The method that the link mentions asks you to use the .docker/config.json file. However, my config.json has

    "auths": { "asia.gcr.io": {}, },

    It doesn't include the username and password since I configured it using the keyfile. How can I do this?

  3. Or is there any simpler way to do this?

-- kosta
docker
docker-compose
docker-stack
kubernetes

1 Answer

9/7/2019

I solved this issue by first creating a secret like this

kubectl create secret docker-registry regcred --docker-server https://<docker registry> --docker-username _json_key --docker-password <json key> --docker-email=<email>

and then adding it to the default service account

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'
-- kosta
Source: StackOverflow
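
An added example, not part of the original question or answer: when config.json holds only an empty "auths" entry, the same pull secret can be built directly from the service-account key file, so the key never appears on a command line. The function names are hypothetical, and the sketch assumes the key file is the one used for docker login above; it relies on the "auth" field (base64 of user:password) being sufficient in a kubernetes.io/dockerconfigjson secret.

```shell
#!/bin/sh
# Added example: build a kubernetes.io/dockerconfigjson Secret manifest from a
# GCR service-account key file. Function names are hypothetical.

# b64: base64-encode stdin on a single line (GNU base64 wraps at 76 columns).
b64() { base64 | tr -d '\n'; }

# make_pull_secret REGISTRY SECRET_NAME KEYFILE
# Prints a Secret manifest on stdout. The key is read from the file, so it
# never shows up in a process argument list or in shell history.
make_pull_secret() {
    registry=$1 name=$2 keyfile=$3
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
    # "auth" is base64("user:password"); for GCR the user is the literal
    # _json_key and the password is the entire key file.
    auth=$(printf '_json_key:%s' "$(cat "$keyfile")" | b64)
    config=$(printf '{"auths":{"%s":{"auth":"%s"}}}' "$registry" "$auth")
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(printf '%s' "$config" | b64)
EOF
}

# secret_user MANIFEST_FILE
# Decodes a manifest produced above and prints only the user name, as a
# sanity check that does not echo the key itself.
secret_user() {
    sed -n 's/^  \.dockerconfigjson: //p' "$1" | base64 -d |
        sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d |
        head -n 1 | cut -d: -f1
}
```

The output of make_pull_secret asia.gcr.io regcred keyfile.json can be piped to kubectl apply -f -, after which the service account is patched as in the answer.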